UPDATED: Added IOActive post
As many of you have seen today, there's been plenty of press about us opening up the SDL for use by other software developers and releasing our threat modeling tool. For those of you who have no clue what the heck I'm talking about, here are a handful of articles about what happened today:
- Microsoft becomes high priest of secure software development (C|Net)
- Microsoft looks to spread secure software expertise (Computerworld)
- Microsoft to Share Its Secure Development Blueprint, Threat Modeling Tool (Dark Reading)
I'm not sure about the "High Priest" moniker, but what the heck 🙂
I'm really excited to see the SDL move forward and most importantly, outward. We have learned a great deal about what it takes to make steps toward securing software. We don't expect perfection, but if more people embrace some of the principles we define in the SDL, and we have experienced and knowledgable partners scale the effort, I think the IT world will be a substantially more secure place.